If you’ve ever been sent a link via a messenger app, you’ve probably seen a link preview before. Many messenger and social media platforms that we use every day use this feature, from popular social networking apps like Facebook Messenger and Instagram, to tools we use in the workplace, like Slack, Zoom, and LinkedIn. A link preview is an automatically generated preview of a web page, usually in the form of an image or a headline, pulled from a website address by the app itself.
How do they work? The app will visit the link and survey what information is there. It then determines the most relevant information from the page and displays it to the recipient without them needing to click and open the link first. These visual previews can seem helpful—they provide you a quick snippet of what to expect in a news story, or display an image without needing to leave the app.
However, recent research has shown that these previews may actually expose your device to privacy concerns when they are not managed safely and securely.
What are the risks associated with using link preview?
In a recent research report by Talal Haj Bakry and Tommy Mysk, link previews were found to be a dangerous risk to cyber security. These previews can potentially leak sensitive data, expose devices to malware, and be a major drain on cellular data.
To generate a preview, the app or proxy downloads and copies information off of the URL, saving the information on their servers. As such, if you share private documents via link on an unsecure messenger platform, you risk a copy of your document being accessible to hacks and leaks. Even a password-protected URL—for example, a Dropbox or Google Drive link to some important company files—can be copied and saved to an app’s database. It’s always safest to share private company documents via email or a secure messenger platform, even when they are password protected.
Should you receive a malware link when a connection’s account is hacked, a link preview can begin downloading malware even if you are wise enough not to click the link. This can sadly negate all the careful training you’ve done with your employees to never click an unsafe link.
On the somewhat-less-frightening end of the scale, link previews can also be a costly nuisance. They drain battery life and may run up unnecessary data charges on a cell phone or tablet. Because they automatically begin downloading a file without your permission, simply receiving the URL to a large file can quickly burn through precious cellular data. Imagine receiving a preview of a 2GB video file your colleague has shared with the team while you’re on your commute home… yikes.
Does this mean all messenger apps are unsafe?
Well, yes and no. You don’t have to block all social media platforms at your business to keep your company and employees safe. However, it’s critical to be aware of the safest ways to send and receive links using company devices, and educate your employees to follow protocol. Social media platforms have proven to be the worst offenders for link security, with Facebook Messenger and Instagram topping the report on the least secure ways to send and receive URLs.
This new research serves as a powerful reminder that private messages aren’t always completely private.
- Whenever possible, use apps that don’t generate a link preview at all, especially in the workplace.
- These apps will simply send the URL in text format, allowing you to read the full address.
- This helps the recipient determine whether the address is safe or not and prevents an app from saving a copy of the link.
If you’re looking for further guidance on how to keep your organization safe, it’s time to consider hiring someone to help manage and monitor your IT infrastructure for you. As we enter an increasingly digital era of work, security is more important than ever. Stay on top of security threats with managed IT services. Contact us to find out more.